Re: LACP trunk load balancing hash algorithm

[Claer]

On Mon, Jan 17 2011 at 35:23, Jason Healy wrote:
 I had a few hours to play with a hardware traffic generator today, I wanted to
 try beating up my OpenBSD setup to see what kind of throughput I could get.
 
 For the curious, I was able to pulverize it with 64 byte packets and it topped
 out at about 165kpps.  Throughput was less than physical interface speed
 (about 800Mbps).  For fun, I cranked the payload size up to 1500 bytes, but I
 couldn't get the box to exceed 1Gbps, even though I had several gigabit
 interfaces trunked together.  At first, it was a switch problem (the switch
 was sending all the traffic over a single link).  However, after I found out
 my switches LACP hash algorithm I was able to spread the traffic out by
 randomizing the port numbers.
I also played with a traffic generator recently. Here are sone numbers with the
tests we've done :

Hardware : Dell R310, 2 Gb of RAM, CPU was a quad core, I didn't wrote the exact
model yet. I could bring it in a few days.
NIC : Intel gigabit Quad port ET2 (Chipset 82576)
Software : 4.8-stable, no patch, no sysctl customisation except ip.forwarding=1
Firewall Ruleset : echo pass all  /etc/pf.conf  pfctl -f /etc/pf.conf

Max pps =~ 330-340K
Test IMIX =~ 1,1 Gb/s

We were able to fully route 2Gb/s of traffic with 1024 packet length 
(1 Gb/s in each direction) without loosing a single packet.

Theorically, the box should be able to route 4Gb/s (33*10^4*1518*8)
Largely enougth for our use :)

 I then confirmed that 4Gbps of traffic was leaving the switch to the OpenBSD
 box, but only 1Gbps was coming back.  Therefore, I'm guessing that the
 load-balancing algorithm for OpenBSD does not behave the same way as my
 Juniper switching gear.  Does anybody know the LACP hash that the trunk
 interface in OpenBSD uses to load-balance the outgoing traffic?  I didn't have
 time to do more than a cursory test with different port numbers and IP
 addresses, so I'm not sure what I might be doing wrong, or if its even
 possible to use layer 3/4 info in OpenBSD to hash the traffic.  Since I'm
 using the box as a router, layer 2 hashing doesn't help me very much since the
 source MAC is always the same.
 
 I took a peek at the source, but I'm definitely not a C hacker, so nothing
 jumped out at me for computing the hash...
 
 Thanks,
 
 Jason

Claer

Re: LACP trunk load balancing hash algorithm

[Claudio Jeker]

On Mon, Jan 17, 2011 at 11:35:02PM -0500, Jason Healy wrote:
 I had a few hours to play with a hardware traffic generator today, I wanted to
 try beating up my OpenBSD setup to see what kind of throughput I could get.
 
 For the curious, I was able to pulverize it with 64 byte packets and it topped
 out at about 165kpps.  Throughput was less than physical interface speed
 (about 800Mbps).  For fun, I cranked the payload size up to 1500 bytes, but I
 couldn't get the box to exceed 1Gbps, even though I had several gigabit
 interfaces trunked together.  At first, it was a switch problem (the switch
 was sending all the traffic over a single link).  However, after I found out
 my switches LACP hash algorithm I was able to spread the traffic out by
 randomizing the port numbers.
 
 I then confirmed that 4Gbps of traffic was leaving the switch to the OpenBSD
 box, but only 1Gbps was coming back.  Therefore, I'm guessing that the
 load-balancing algorithm for OpenBSD does not behave the same way as my
 Juniper switching gear.  Does anybody know the LACP hash that the trunk
 interface in OpenBSD uses to load-balance the outgoing traffic?  I didn't have
 time to do more than a cursory test with different port numbers and IP
 addresses, so I'm not sure what I might be doing wrong, or if its even
 possible to use layer 3/4 info in OpenBSD to hash the traffic.  Since I'm
 using the box as a router, layer 2 hashing doesn't help me very much since the
 source MAC is always the same.
 
 I took a peek at the source, but I'm definitely not a C hacker, so nothing
 jumped out at me for computing the hash...
 

165kpps is fairly low. Please add a dmesg so there is a chance to see what
is causing this low rate. Modern HW with good nics should handle around
500kpps.

Btw. trunk is using src  dest MAC addrs, a possible vlan tag and the IP /
IPv6 src  dst addrs to build the hash. It does not use port numbers.
The function used for this is trunk_hashmbuf().

-- 
:wq Claudio

Re: LACP trunk load balancing hash algorithm

[Jason Healy]

On Jan 18, 2011, at 6:51 AM, Claudio Jeker wrote:

 165kpps is fairly low. Please add a dmesg so there is a chance to see what
 is causing this low rate. Modern HW with good nics should handle around
 500kpps.

Good to know.  Right now we're only on a 45Mbps connection at about 5kpps, so
that seemed fine to me.  =)  I've attached the dmesg below.  It's nothing
fancy, as our needs aren't too huge.  I was just pushing this particular
machine to its limits for fun to see what it could do since I had the traffic
generator on-site for a little extra time.

I didn't have a lot of time, so proper repeated testing wasn't really
possible.  Even though we don't have the box anymore, I may set up some iperf
machines later to push it again just to verify the config (or test any
suggestions I receive from the list).

When the packet rate leveled off, we were at about 90% interrupt / 7% idle on
one CPU.  The other CPU was (as expected), idle.  Booting to SP didn't make a
noticeable difference.  There were a significant number of ifq drops, though I
figured that was because the box was getting twice as much traffic in as it
was passing back out (and increasing maxlen substantially didn't do much).

The ruleset is simple:

===
table ixiablue { 192.168.100.101 } counters
table ixiared { 192.168.101.101 } counters

altq on trunk1 hfsc bandwidth 2Gb queue { other , toblue , tored }
queue other hfsc(realtime 10Mb linkshare 10Mb upperlimit 10Mb default)
queue toblue hfsc(realtime 100Mb linkshare 100Mb upperlimit 2Gb) qlimit 50
queue tored hfsc(realtime 100Mb linkshare 100Mb upperlimit 2Gb) qlimit 50

block log (all)

pass flags any

pass out on trunk1 from ixiablue to ixiared queue tored
pass out on trunk1 from ixiared to ixiablue queue toblue
===

Turning off queuing improved performance somewhat, but isn't helpful as a
real-world test since we rely on queuing in our production environment.

 Btw. trunk is using src  dest MAC addrs, a possible vlan tag and the IP /
 IPv6 src  dst addrs to build the hash. It does not use port numbers.
 The function used for this is trunk_hashmbuf().

Interesting.  We definitely were seeing one of the interfaces in the trunk
totally unused for traffic outbound from the OpenBSD box. Since it doesn't use
port numbers, I suppose it's possible that we were just unlucky with the
src/dst IPs (we were only testing with two endpoint addresses and relying on
the multiple layer 4 ports to hash differently).

The trunk interface had a single IP (no vlans), and we were routing traffic to
it from our core switch using a policy routing scheme (we normally have a box
like this deployed in an off-path routing setup, so our core switch passes
traffic to it to be shaped).  Not sure if a routed setup like that changes the
hash (it doesn't sound like it should), but I thought I'd mention it.

We can try again with more IP addresses next time to see if that spreads the
traffic a little more.

Thanks,

Jason


# dmesg
OpenBSD 4.8 (GENERIC.MP) #335: Mon Aug 16 09:09:20 MDT 2010
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3486973952 (3325MB)
avail mem = 3380334592 (3223MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcfedf000 (39 entries)
bios0: vendor Phoenix Technologies LTD version 1.3a date 11/03/2009
bios0: Supermicro X7SBi
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP _MAR MCFG HPET APIC BOOT SPCR ERST HEST BERT EINJ SLIC
SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices PXHA(S5) PEX_(S5) LAN_(S5) USB4(S5) USB5(S5) USB7(S5)
ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5) USB3(S5) USB6(S5)
ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E3110 @ 3.00GHz, 3000.62 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,S
SSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG
cpu0: 6MB 64b/line 16-way L2 cache
cpu0: apic clock running at 333MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU E3110 @ 3.00GHz, 3000.21 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,S
SSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG
cpu1: 6MB 64b/line 16-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 3 pa 0xfecc, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PXHA)
acpiprt2 at acpi0: bus 3 (PEX_)
acpiprt3 at acpi0: bus 5 (EXP1)
acpiprt4 at acpi0: bus 13 (EXP5)
acpiprt5 at acpi0: bus 15 (EXP6)
acpiprt6 at acpi0: bus 17 (PCIB)
acpicpu0 at acpi0: C3, PSS
acpicpu1 at acpi0: C3, 

Relayd and URL Filter problem

[keith]

Hi,  We have the following code in our relayd.conf file and it works 
fantasticaly for our http traffic that we have been putting through it. 
We now want to start using webdav and have realised that the header 
change lines are stopping webdav from working for some reason. Is there 
possible to filter by domain so that say for webdav.domain.com we 
don't do any header change ? We realise that we could just get another 
IP address and get pf to forward to another port but if it's possible to 
filter in relayd then that would be our preferred option.


http protocol http_service { tcp { sack, socket buffer 65536, backlog 
1000 }

return error
header change X-Forwarded-For to $REMOTE_ADDR
header change Keep-Alive to $TIMEOUT
header change Connection to close
}

relay http_forwarder {
listen on 127.0.0.1 port 8080
protocol http_service
forward to web_hosts port 80 mode loadbalance check http / code 200
}

Thanks
Keith

Re: LACP trunk load balancing hash algorithm

[Insan Praja SW]

On Tue, 18 Jan 2011 18:51:32 +0700, Claudio Jeker  
cje...@diehard.n-r-g.com wrote:



On Mon, Jan 17, 2011 at 11:35:02PM -0500, Jason Healy wrote:
I had a few hours to play with a hardware traffic generator today, I  
wanted to
try beating up my OpenBSD setup to see what kind of throughput I could  
get.


For the curious, I was able to pulverize it with 64 byte packets and it  
topped

out at about 165kpps.  Throughput was less than physical interface speed
(about 800Mbps).  For fun, I cranked the payload size up to 1500 bytes,  
but I

couldn't get the box to exceed 1Gbps, even though I had several gigabit
interfaces trunked together.  At first, it was a switch problem (the  
switch
was sending all the traffic over a single link).  However, after I  
found out

my switches LACP hash algorithm I was able to spread the traffic out by
randomizing the port numbers.

I then confirmed that 4Gbps of traffic was leaving the switch to the  
OpenBSD

box, but only 1Gbps was coming back.  Therefore, I'm guessing that the
load-balancing algorithm for OpenBSD does not behave the same way as my
Juniper switching gear.  Does anybody know the LACP hash that the trunk
interface in OpenBSD uses to load-balance the outgoing traffic?  I  
didn't have

time to do more than a cursory test with different port numbers and IP
addresses, so I'm not sure what I might be doing wrong, or if its even
possible to use layer 3/4 info in OpenBSD to hash the traffic.  Since  
I'm
using the box as a router, layer 2 hashing doesn't help me very much  
since the

source MAC is always the same.

I took a peek at the source, but I'm definitely not a C hacker, so  
nothing

jumped out at me for computing the hash...



165kpps is fairly low. Please add a dmesg so there is a chance to see  
what

is causing this low rate. Modern HW with good nics should handle around
500kpps.



My november 21st i386.MP -current handles 1.3Mpps inbound and 1.3Mpps  
outbound packet during rootkits attacks on one of our collocated costumer,  
on an 80Mbps traffic, via a vlan interface. CPU is 1% idle, system still  
responsive (I get to ssh-ed the machine and see systat).


Btw. trunk is using src  dest MAC addrs, a possible vlan tag and the IP  
/

IPv6 src  dst addrs to build the hash. It does not use port numbers.
The function used for this is trunk_hashmbuf().



dmesg:

OpenBSD 4.8-current (GENERIC.MP) #21: Sun Nov 21 03:46:30 WIT 2010

r...@greenrouter-jkt01.mygreenlinks.net:/usr/src/sys/arch/i386/compile/GENERIC.MP
RTC BIOS diagnostic error ffixed_disk,invalid_time
cpu0: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz (GenuineIntel 686-class) 2.41  
GHz
cpu0:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S

SE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM
real mem  = 2142744576 (2043MB)
avail mem = 2097610752 (2000MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, SMBIOS rev. 2.4 @  
0x7fbe4000 (43 entries)
bios0: vendor Intel Corporation version  
S3000.86B.02.00.0054.061120091710 date 06/11/2009

bios0: Intel S3000AH
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT SLIC FACP APIC WDDT HPET MCFG ASF! SSDT SSDT SSDT SSDT  
SSDT HEST BERT ERST EINJ
acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4)  
UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 266MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz (GenuineIntel 686-class) 2.41  
GHz
cpu1:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S

SE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz (GenuineIntel 686-class) 2.41  
GHz
cpu2:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S

SE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz (GenuineIntel 686-class) 2.41  
GHz
cpu3:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S

SE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM
ioapic0 at mainbus0: apid 5 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 5
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P32_)
acpiprt2 at acpi0: bus 1 (PEX0)
acpiprt3 at acpi0: bus -1 (PEX1)
acpiprt4 at acpi0: bus -1 (PEX2)
acpiprt5 at acpi0: bus -1 (PEX3)
acpiprt6 at acpi0: bus 2 (PEX4)
acpiprt7 at acpi0: bus 3 (PEX5)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpicpu2 at acpi0: PSS
acpicpu3 at acpi0: PSS
acpibtn0 

question about example in pf.conf(5)

[Harald Dunkel]

Hi folks,

pf.conf(5) says

 In the example below, packets bound for one specific server, as well as
 those generated by the sysadmins are not proxied; all other connections
 are.

 match in on $int_if proto { tcp, udp } from any to any port 80 \
   rdr-to 127.0.0.1 port 80
 pass in on $int_if proto { tcp, udp } from any to $server port 80
 pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80

I don't see that yet. All traffic for 80/tcp on $int_if matches
the first line, so I would assume that all this traffic is
redirected, regardless whether the following pass in rules
match. They don't undo the redirection.

???

Sorry for asking. This might be trivial to you, but I am
still trying to get used to the new packet filter syntax.
Of course I checked the FAQs.

Any helpful comment would be highly appreciated.


Regards

Harri

Re: Page fault trap on IBM x336

[Marcos Laufer]

Hello Patrick,

Do you think this could work for 4.8?
How could you compile kernel and ramdisk kernel with the old 1.72 pci.c, 
using another box that boots 4.7?

Regards,
Marcos

Patrick Coleman wrote:
 On Wed, Jun 9, 2010 at 10:47 AM, patrick keshishian pkesh...@gmail.com 
 wrote:
   
 you realize obsd4.5 isn't supported any longer since 4.7 was released.
 

 Fair enough. I've managed to get 4.7 working by reverting
 /sys/dev/pci/pci.c to 1.72, as suggested in that thread, so I guess
 I'll try that.

 Cheers,

 Patrick

Re: question about example in pf.conf(5)

[Ingo Schwarze]

Hi Harald,

Harald Dunkel wrote on Tue, Jan 18, 2011 at 04:41:39PM +0100:

 pf.conf(5) says
 
  In the example below, packets bound for one specific server, as well as
  those generated by the sysadmins are not proxied; all other connections
  are.
 
  match in on $int_if proto { tcp, udp } from any to any port 80 \
rdr-to 127.0.0.1 port 80
  pass in on $int_if proto { tcp, udp } from any to $server port 80
  pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80
 
 I don't see that yet. All traffic for 80/tcp on $int_if matches
 the first line, so I would assume that all this traffic is
 redirected, regardless whether the following pass in rules
 match. They don't undo the redirection.

pf.conf(5) also says:

  For each packet processed by the packet filter, the filter rules are
  evaluated in sequential order, from first to last.  For block and pass,
  the last matching rule decides what action is taken; if no rule matches
  ...

Yours,
  Ingo

x336 IBM servers reboots

[Marcos Laufer]

Hello list,

I'd like to inform that this problem:

http://www.pubbs.net/200910/openbsd/42943-46-reboots-x336-ibm-servers.html

keeps happening also with OpenBSD 4.7 and 4.8 .
The last version i can install or upgrade on this is 4.5. Didn't try 
-current yet.


I have several of this IBM x336 servers waiting to be running OpenBSD

Best regards,
Marcos Laufer

Re: question about example in pf.conf(5)

[Henning Brauer]

* Ingo Schwarze schwa...@usta.de [2011-01-18 16:59]:
 Hi Harald,
 
 Harald Dunkel wrote on Tue, Jan 18, 2011 at 04:41:39PM +0100:
 
  pf.conf(5) says
  
   In the example below, packets bound for one specific server, as well as
   those generated by the sysadmins are not proxied; all other connections
   are.
  
   match in on $int_if proto { tcp, udp } from any to any port 80 \
 rdr-to 127.0.0.1 port 80
   pass in on $int_if proto { tcp, udp } from any to $server port 80
   pass in on $int_if proto { tcp, udp } from $sysadmins to any port 
  80
  
  I don't see that yet. All traffic for 80/tcp on $int_if matches
  the first line, so I would assume that all this traffic is
  redirected, regardless whether the following pass in rules
  match. They don't undo the redirection.
 
 pf.conf(5) also says:
 
   For each packet processed by the packet filter, the filter rules are
   evaluated in sequential order, from first to last.  For block and pass,
   the last matching rule decides what action is taken; if no rule matches
   ...

that doesn't contradict the OP at all. match rdr-to is indeed sticky
and the example flawed. replacing the match with pass would make it
work.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Oportunidad de Negocio | en U.S.A.

[Franquicia | Reduce One]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
REDUCE ONE SEP 2010.001.jpg]

Re: Version numbering

[Mark Lumsden]

I obviously have to much time on my hands at the moment.

I like the link to http://www.openbsd.org/donations.html though.

And I think the original poster should donate an extra $50 to admonish
himself. 

-mark


Index: faq8.html
===
RCS file: /cvs/www/faq/faq8.html,v
retrieving revision 1.225
diff -u -p -r1.225 faq8.html
--- faq8.html   18 Jan 2011 16:31:37 -  1.225
+++ faq8.html   18 Jan 2011 19:11:13 -
@@ -63,6 +63,7 @@
 lia href= #wwwnotstd   8.23 - Why do the OpenBSD web pages not conform 
to HTML4/XHTML?/a
 lia href= #NTPerror8.24 - Why is my clock off by twenty-some 
seconds?/a
 lia href= #TimeZone8.25 - Why is my clock off by several hours?/a
+lia href= #Versions8.26 - Release Version Numbering/a
 /ul
 
 hr 
@@ -1422,6 +1423,26 @@ See also:
 lia href=faq6.html#OpenNTPDOpenBSD's NTPD/a
 /ul
 
+a name=Versions/a
+h28.26 - Release Version Numbering/h2
+
+An OpenBSD release is a biannual occurrence, taking place
+in the May and November of each year. With every release, the version number 
increments
+by 0.1. Therefore, if the release in May is x.7, the release in Dec will be 
x.8. This
+continues until x.9 is reached. Then, with the following release the whole 
number roles over.
+For example:
+
+p
+...4.7 - 4.8 - 4.9 - 5.0 - 5.1...etc
+
+p
+There is no x.10 or x.11.
+More information on the release cycle can be found
+a href=http://www.openbsd.org/faq/faq5.html#Flavors;here/a.
+More information on why it is done this way is available
+a 
href=http://www.openbsd.org/papers/asiabsdcon2009-release_engineering/;here/a.
+Importantly, releases will continue as long as there is
+a href=http://www.openbsd.org/donations.html;support/a.
 
 p
 font color= #e0

Re: x336 IBM servers reboots

[LEVAI Daniel]

On k, jan 18, 2011 at 12:06:19 -0300, Marcos Laufer wrote:
 Hello list,
 
 I'd like to inform that this problem:
 
 http://www.pubbs.net/200910/openbsd/42943-46-reboots-x336-ibm-servers.html
 
 keeps happening also with OpenBSD 4.7 and 4.8 .
 The last version i can install or upgrade on this is 4.5. Didn't try
 -current yet.
 
 I have several of this IBM x336 servers waiting to be running OpenBSD

http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=6523

-- 
LIVAI Daniel
PGP key ID = 0x83B63A8F
Key fingerprint = DBEC C66B A47A DFA2 792D  650C C69B BE4C 83B6 3A8F

Re: LACP trunk load balancing hash algorithm

[David Gwynne]

On 18/01/2011, at 11:25 PM, Insan Praja SW wrote:

 My november 21st i386.MP -current handles 1.3Mpps inbound and 1.3Mpps
outbound packet during rootkits attacks on one of our collocated costumer, on
an 80Mbps traffic, via a vlan interface. CPU is 1% idle, system still
responsive (I get to ssh-ed the machine and see systat).

where were you reading this 1.3Mpps value from?

dlg

Re: LACP trunk load balancing hash algorithm

[Ted Unangst]

On Tue, Jan 18, 2011 at 6:40 PM, David Gwynne l...@animata.net wrote:
 On 18/01/2011, at 11:25 PM, Insan Praja SW wrote:

 My november 21st i386.MP -current handles 1.3Mpps inbound and 1.3Mpps
 outbound packet during rootkits attacks on one of our collocated costumer, on
 an 80Mbps traffic, via a vlan interface. CPU is 1% idle, system still
 responsive (I get to ssh-ed the machine and see systat).

 where were you reading this 1.3Mpps value from?

I think David is asking because 1.3Mpps and 80Mbps implies your
traffic consists of 8 byte packets, which may be enough for source and
destination IP addresses, but doesn't leave room for the port numbers.
:)

Infrastructure Physical Security Methodology - Just released Ref: 989582

[Brian Adams, Training Manager, Government Training Inc.]

To:   misc@openbsd.org

The Integrated Physical Security Handbook II



Second Edition




5-Step Management Process  Toolkit to Assess and Secure Critical
Infrastructure

From All-Hazards Threats




Written  Compiled by:

Shuki Einstein and Don Philpott





  Integrated Physical Security   Integrated
Physical Security Handbook 2nd Edition

Questions?: Call or Email Barbara Musick, Bookstore Manager, at
barbara.mus...@governmenttraininginc.com or (941) 306-7968

Additional Security and Mangement Books Published by Government Training Inc.:
(For details, go to www.GovernmentTrainingInc.com)



Workplace Violence School Security  Handbook
for Managing Teleworkers   Handbook for Managing Teleworkers - Toolkit

Comments from Book Reviewers:

Quote:  Outstanding.  The added content makes a good reference even better.
Quote:  Your focus on a management process and checklists moves the
development of security plans within the reach of all levels of security
management.
Quote:  The use of icons to highlight important text makes reading this a
breeze.  Allows me to focus on the content of most interest to me.
Book Review:  Integrated Physical Security - 2nd Edition




The Integrated Physical Security Handbook has become the recognized manual for
commercial and government building and facility security managers responsible
for developing security plans based on estimated risks and threats -- natural
or terrorist. This new and much expanded edition provides even more tools to
effectively manage change and incorporates latest techniques and lessons
learned.




Using an easy to follow five step process the Handbook explains how to conduct
crucial risk and threat assessments, the basis for all physical security
planning. However, it also incorporates a methodology to ensure that the core
business function of the facility is not adversely impacted making it a
comprehensive integrated physical security program.



Using checklists and standard practices, it provides a hands-on, how-to guide
that leads you in a user-friendly way through all the steps and processes
needed to evaluate, design and implement an effective integrated physical
security system. The book was produced under the leadership of the Government
Training Inc. and written by a team of nationally recognized AE and security
experts.




This new edition covers a number of additional areas including convergence of
systems, building modeling, emergency procedures, privacy issues, cloud
computing, shelters and safe areas and disaster planning. There is also a
comprehensive glossary as well as access to a dedicated website at
www.physicalsecurityhandbook.com that provides purchasers of the book an
on-line library of over 300 pages of additional reference materials.




The first edition was bought by corporations and government agencies worldwide
and ASIS International in its five-star review said, This is an excellent
textbook for novice security managers and a great desk reference for industry
veterans.




This new, expanded and updated edition makes it an even more invaluable
resource.





The Integrated Physical Security Handbook - 2nd Edition

FAX Back or Mail Back Order Form, or

On-Line Purchase is available at our Secure Payment Server at
www.GovernmentTrainingInc.com/IPSH_Prior_Purchaser

Questions?: Call or Email Barbara Musick at
barbara.mus...@governmenttraininginc.com or (941) 306-7968

Shipping Address

Name: (Please Print)

Business Title:

Company/Agency:

Address:

City, State, and Zip Code

Phone Number:

Email Address:

Fax Number:

Purchase Fee:

Each purchaser will receive the following: One copy of the printed Grants
Writer's Handbook and password access to the reference library. Please allow 2
weeks for delivery of the printed handbook.

Government Rate:  $109.00 plus SH

Corporate Rate:  $129.00 plus SH (Includes contractors supporting government)

Please Note: To obtain the Government Purchase Rate of $109.00***

1. You must provide a Government Email Address (.gov, .mil, .us .edu etc)
2. You must provide a Government Office/Building Address

***$8.50 Shipping  Handling applies to all purchases for delivery in U.S..

International Rate:  $179.00 includes shipping with tracking number.

NOTE:  Government Training Inc. Tax ID:  27-0799412

Method of Payment - Discount Code: During checkout you will be offered an
opportunity to enter a COUPON CODE.  Enter SECURITY2011 as the code and you
will receive your $20.11 discount.  Remember, SH still applies.

__ _Company/Agency Check (payable to Government Training Inc.)   __ Credit
Card

Type of Credit Card (check one): __ Visa __ MasterCard __ American Express
Discover

Card Number: _

Exp. Date: _  Security Code ___

Name Printed on Card: __

(Please provide 

Scheduled tours

[Bushveld Safaris, Tours and Transfers]

Dear Sir / Madam

We have various unique, interesting  exciting Scheduled Tour Departures
itineraries for all age groups, that cover South Africa and other Southern
African countries. These packages are great value for money and they depart
with 6 - 12 persons per tour. Although, we guaranteed tour departure with 2 +
people for all tours.

Please find below a list of these tour departure dates for 2011  2012. We
recommend an Agents Add-on Commission of 15-20 %.

For further information, please contact me direct at b...@lantic.net
wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:mailt
o:b...@lantic.net or +27 (0) 12 9911818 or visit either of our websites
www.bushsafaris.co.za or www.selfdrivesa.com.

Kind regards

Laurence Marks



 bSCHEDULED TOURSb
DEPARTURES 2011  2012
Agents - we recommend you add a minimum of 15 - 20 % commission.

Itineraries can be viewed on our website - www.bushsafaris.co.za
wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http:
//www.bushsafaris.co.za/



2011





11 Day - The Luxuries of Africa Tour
wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http:
//www.bushsafaris.co.za/fun.html - 1 / 2011

Dates: 12 January 2011 to 22 January 2011
Closing Date: 12 November 2010
Price: R44 530.00 per person sharing

Your flight bookings: Arrive - Johannesburg (O R Tambo International) before
10h00
Depart - Cape Town after 19h00
Add-on tour: 3 x Nights / Victoria Falls is available










11 Day - Kruger to Limpopo Tour
wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http:
//www.bushsafaris.co.za/bushveld.html - 2 / 2011

Dates: 02 February 2011 to 12 February 2011
Closing Date: 02 December 2010
Price: R19 725.00 per person sharing

Your flight bookings: Arrive - Johannesburg (O R Tambo International) before
10h00
Depart - Johannesburg (O R Tambo International) after 19h00
Add-on tour: 4 x Nights / Cape Town is available

3 x Nights / Victoria Falls is available












11 Day - Africabs Wildlife  the Zulu Kingdom Tour
wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http:
//www.bushsafaris.co.za/zulutour.html - 3 / 2011

Dates: 16 February 2011 to 26 February 2011
Closing Date: 16 December 2010
Price: R18 765.00 per person sharing

Your flight bookings: Arrive - Johannesburg (O R Tambo International) before
10h00
Depart - Johannesburg (O R Tambo International) after 19h00
Add-on tour: 4 x Nights / Cape Town is available

3 x Nights / Victoria Falls is available










17 Day - The Magic of SA Tour
wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http:
//www.bushsafaris.co.za/fun.html - 4 / 2011

Dates: 09 March 2011 to 25 March 2011
Closing Date: 09 January 2011
Price: R35 640.00 per person sharing

Your flight bookings: Arrive - Johannesburg (O R Tambo International) before
10h00
Depart - Cape Town International after 19h00

Add-on tour: 3 x Nights / Victoria Falls is available












11 Day - The Fairest Cape Tour
wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http:
//www.bushsafaris.co.za/zulutour.html - 5 / 2011

Dates: 13 April 2011 to 23 April 2011
Closing Date: 13 February 2011
Price: R19 820.00 per person sharing

Your flight bookings: Arrive - Port Elizabeth via Johannesburg before 17h00
Depart - Cape Town after 19h00
Add-on tour: 3 x Nights / Kruger is available

   3 x Nights / Victoria Falls is available












11 Day - Africabs Wildlife  the Zulu Kingdom Tour
wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http:
//www.bushsafaris.co.za/zulutour.html - 6 / 2011

Dates: 27 April 2011 to 07 May 2011
Closing Date: 27 February 2011
Price: R18 765.00 per person sharing

Your flight bookings: Arrive - Johannesburg (O R Tambo International) before
10h00
Depart - Johannesburg (O R Tambo International) after 19h00
Add-on tour: 4 x Nights / Cape Town is available

3 x Nights / Victoria Falls is available










11 Day - Africabs Wildlife  the Zulu Kingdom Tour
wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http:
//www.bushsafaris.co.za/zulutour.html - 7 / 2011

Dates: 11 May 2011 to 21 May 2011
Closing Date: 11 March 2011
Price: R18 765.00 per person sharing

Your flight bookings: Arrive - Johannesburg (O R Tambo International) before
10h00
Depart - Johannesburg (O R Tambo International) after 19h00
Add-on tour: 4 x Nights / Cape Town is available

3 x Nights / Victoria Falls is available








11 Day - Kruger to Limpopo Tour
wlmailhtml:{F7762F0D-75AD-489F-9094-F663CD824E1A}mid://2596/!x-usc:http:
//www.bushsafaris.co.za/bushveld.html - 8 / 2011

Dates: 08 June 2011 to 18 June 2011
Closing Date: 08 April 2011
Price: R19 725.00 per person sharing

Your flight bookings: Arrive - Johannesburg (O R Tambo International) before
10h00

Alege o locuinta pentru tine

[Consilier CFI]

Daca aveti probleme cu vizionarea acestui email dati [click aici] pentru
a vizualiza varianta online!

[IMAGE]

[IMAGE]

Newsletter 18.01.2011  

[IMAGE]

CaseFaraIntermediari.roUrmariti-ne pe Facebook!Urmariti-ne pe 
Twitter!Urmariti-ne pe Blogger!

[IMAGE]

Ultimele anunturi adaugate

Vezi toate anunturile

[IMAGE]

[IMAGE]

Vila 4 camere - Clinceni, Ilfov

Vila 4 camere - Clinceni, Ilfov

69.000 EUR

  VANZARE

DETALII ;

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Apartament 4 camere - Piata Romana, Bucuresti

Apartament 4 camere - Piata Romana, Bucuresti

160.000 EUR

  VANZARE

DETALII ;

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Teren intravilan - Piata Unirii - Horoscop

Teren intravilan - Piata Unirii - Horoscop

1.045.000 EUR

  VANZARE

DETALII ;

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Casa de vacanta - Secaria, Prahova

Casa de vacanta - Secaria, Prahova

125.000 EUR

  VANZARE

DETALII ;

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Apartament 2 camere - Brancoveanu, Bucuresti

Apartament 2 camere - Brancoveanu, Bucuresti

52.000 EUR

  VANZARE

DETALII ;

[IMAGE]

[IMAGE]

Publica si tu un anunt!

[IMAGE]

Stiri Imobiliare

Vezi toate stirile

[IMAGE]

[IMAGE]

Promisiune: 50.000 de locuinte in patru ani. Realizare: cinci in doi ani

Promisiune: 50.000 de locuinte in patru ani. Realizare: cinci in doi ani
Cu efect dezamagitor pe piata constructiilor, programul continua cu
motorul subturat Guvernul va aproba maine prelungirea facilitatii si
alocarea a numai 200 de milioane de euro plafon de garantare, fata de
700-1.000 de milioane de euro la editiile preceden! te Programul „Prima
casa” a ...[CITESTE TOT]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Persoanele care iau credite bPrima Casab pun conturile curente drept gaj in 
favoarea bancii

Persoanele care iau credite bPrima Casab pun conturile curente drept
gaj in favoarea bancii
Persoanele care vor lua credite Prima CasD vor pune conturile curente
drept gaj nn favoarea bDncii, vor avea posibilitatea sD solicite
modificarea valutei, reeEalonarea sau r! escadenE#area nmprumutului, iar
condiE#ia privind asocierea a Eapte beneficiari pentru construcE#ia de
...[CITESTE TOT]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Cocor si-a dublat cifra de afaceri in T4, dupa redeschiderea magazinului

Cocor si-a dublat cifra de afaceri in T4, dupa redeschiderea magazinului
Cocor (COCR) a inregistrat in ultimul trimestru al anului 2010 o cifra de
afaceri de 8,4 mil lei, de doua ori mai mare fata de aceeasi perioada din
2009, in urma deschiderii Cocor Department Store in octombrie 2010,
anuntat luni compania. “Rezultatele din ultimul trimestru al anului
trecut ...[CITESTE TOT]

[IMAGE]

[IMAGE]

Oferte turistice

Vezi toate ofertele

[IMAGE]

[IMAGE]

Pensiunea The Guesthouse - Bran, Brasov

Pensiunea The Guesthouse - Bran, Brasov

negociabil

  INCHIRIERE

DETALII ;

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Pensiunea Cezar - Moeciu

Pensiunea Cezar - Moeciu

negociabil

  INCHIRIERE

DETALII ;

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Pensiunea Milenium - Bran

Pensiunea Milenium - Bran

negociabil

  INCHIRIERE

DETALII ;

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Pensiunea Popasul Cavalerului - Bran

Pensiunea Popasul Cavalerului - Bran

negociabil

  INCHIRIERE

DETALII ;

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Pensiunea Vila Andrei - Bran, Brasov

Pensiunea Vila Andrei - Bran, Brasov

60 EUR/luna

  INCHIRIERE

DETALII ;

[IMAGE]

[IMAGE]

Publica si tu un anunt!

Stiri economice

Vezi toate stirile

[IMAGE]

[IMAGE]

Sfarsitul lumii in 2012? Mayasii n-au vorbit niciodata de asa ceva

Sfarsitul lumii in 2012? Mayasii n-au vorbit niciodata de asa ceva
Oamenii de stiinta mexicani, membri ai Universitatii Nationale Autonome
din Mexic (UNAM), au specificat faptul ca nu exista profetii ale
civilizatiei mayase privind apocalipsa sau un pericol mondial care ar
urma sa se desfasoare in decembrie 2012, anunta agerpres.ro. In
scrierile ...[CITESTE TOT]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Basescu despre tigani: Le taiem alocatiile daca nu isi trimit copiii la scoala!

Basescu despre tigani: Le taiem alocatiile daca nu isi trimit copiii la
scoala!
Presedintele Traian Basescu a declarat, astazi, ca Romania va actiona mai
dur in rezolvarea problemei romilor, un exemplu fiind chiar retragerea
alocatiei pentru parintii care nu-si trimit copiii la scoala, a! nunta
realitatea.net. Exista o lipsa de intelegere fata de cat de ...[CITESTE
TOT]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Romania, cel mai mic salariu minim din UE in 2010

Romania, cel mai mic salariu minim din UE in 2010
Romania si Letonia sunt singurele tari din Uniunea Europeana in care
salariile minime in euro au fost mai mici anul trecut, potrivit unei
analize efectuate de Eurostat. Salariul minim nn Rombnia a scDzut nn
2010 de la 149 de euro la 141 de euro, clasbndu-se din acest ...[CITESTE
TOT]

[IMAGE]

[IMAGE]

Scoala romaneasca

Vezi toate scolile

[IMAGE]

[IMAGE]

Scoala  Nr. 195 

Scoala Nr. 195

Lunca Bradului Nr. 2

DETALII ;

[IMAGE]

[IMAGE]